See if I can answer this the best I can.
Google is starting to force users to use 2FA for security reasons (I already use it on my account so I've never seen the email). AquaMail supports multiple ways of logging into Gmail (and yes it supports 2FA). There are three ways that I've seen this works. First, Connect a Gmail account from the phone's Settings (uses Google account used too sign into Android or any other Google accounts used to sign into Google services. Doesn't require 2FA authenticating). Second, using oauth2 which is a protocol that has you sign in through the web portal (you will have to use 2fa when logging into the website). Third, Manual, IMAP, or POP3 with an app password.
No matter which method you use you will only need to enter the password or 2FA authenticate during the initial setup. You will not need to enter them when using the app (after the setup).
Suggested tip, once the accounts are added make a backup (settings - data storage - backup & restore) before making any other setting changes. That way you can do a restore if you mess up any of the setting changes. Then once you have all the settings the way you like them make another backup. I store a copy of the backup in the cloud making it easy to restore if I get a new device or have to wipe my device. The backup will keep all the account info so you won't have to login again or create a new app password (if you have to use that method for one of the account). On very rare occasions do I have to re-login to an account. If I have to re-login for server side issues or changed password, then I also create a new backup.
